One system for controlling access to a data file is shown in U.S. Pat. No. 4,864,616 issued Sept. 5, 1989 and hereby incorporated by reference herein. This prior system is a labeling mechanism which enabled encryption of a file and also enabled a limited number of access restrictions to the file. It also enabled identification of the owner of the file to be established. The access limitations in the existing labeling system are restricted to a few restrictions, such as the file owner, the company, and the machine.
Users of such data access control systems in general desire to limit access to files in a more specific way. They want to be able to specify read only access to a file to particular users and give other users read/write access to the same file. They also want to have a category for allowing full access to a group of individuals for certain files. There are also situations where numerous users must be able to write to a file while allowing only a limited number of people to access the file for reading purposes.
The existing labeling system does not have such capabilities and thus it must be enhanced so that the system has capability for administration and record keeping type tasks.
A further problem exists when PCs are used since any PC could have a multiplicity of users. Also, the data for any PC is easily appropriated by either removing the diskette where the data is stored or by taking the hard drive from the system or by dumping the entire system data and files onto an alternate diskette. Thus, data which one would assume to be securely locked in a room could be moved to a different PC. Therefore, any source must be arranged so that data which is created on one machine cannot be read from another machine.
Accordingly, there exists a need in the art for a cryptographic system which allows for a plurality of users, each with a different data access capability and which also allows certain user restrictions and rights to be granted both by the user and by a system administrator.
There also exists in the art a need for a secure cryptographic system where different decoding keys can be used for different files under control of a file creator.